[Technik] [SECURITY] [DSA 1311-1] New PostgreSQL 7.4 packages
fix privilege escalation
Noèl Köthe
noel at debian.org
Mon Jun 18 20:03:27 CEST 2007
Am Montag, den 18.06.2007, 01:23 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1311-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> June 17th, 2007 http://www.debian.org/security/faq
>
> Package : postgresql-7.4
> Vulnerability : programming error
> Problem-Type : local
> Debian-specific: no
> CVE ID : CVE-2007-2138
postgresql-7.4 auf h01, h02, h03, h04 und cupa aktualisiert.
> For the oldstable distribution (sarge) this problem has been fixed in
> version 7.4.7-6sarge5. A powerpc build is not yet available due to
> problems with the build host. It will be provided later.
changelog:
postgresql (7.4.7-6sarge5) oldstable-security; urgency=high
* SECURITY UPDATE: User privilege escalation.
* Add debian/patches/62secure_search_path.path:
- Support explicit placement of the temporary-table schema within
search_path. This is needed to allow a security-definer function to set a
truly secure value of search_path. Without it, a malicious user can use
temporary objects to execute code with the privileges of the
security-definer function. Even pushing the temp schema to the back of
the search path is not quite good enough, because a function or operator
at the back of the path might still capture control from one nearer the
front due to having a more exact datatype match. Hence, disable searching
the temp schema altogether for functions and operators. [CVE-2007-2138]
- Patch backported from 7.4.17 CVS:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/namespace.c.diff?r1=1.58;r2=1.58.2.1
- Add test cases for the placement of the temp schema in the search path.
Backported from 7.4.17 CVS:
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/temp.out.diff?r1=1.9;r2=1.9.2.1
http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/temp.sql.diff?r1=1.5;r2=1.5.4.1
* Add debian/docs.patch: manpage and HTML documentation patches which
explain the changes above. Upstream keeps them in the SGML source, but
since we do not build this and instead use the pre-built files which come
in man.tar.gz and postgresql.tar.gz, we cannot use a regular
debian/patches/ patch for this.
* debian/rules: Apply debian/docs.patch in the install target to update the
files in the binary install directories.
-- Martin Pitt <mpitt at debian.org> Fri, 20 Apr 2007 11:30:38 +0200
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070618/5c837b86/attachment.pgp
More information about the Technik
mailing list